Gotenberg has Chromium deny-list bypass via case-insensitive URL scheme (bypass of GHSA-rh2x-ccvw-q7r3)
Impact The fix introduced in version 8.1.0 for GHSA-rh2x-ccvw-q7r3 CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. The default --chromium-deny-list value is ^file:?!///tmp/.. This regex is anchored to lowercase file: at the start. However, per RFC 3986 Section 3.1, URI...